From be0812fb55a6ad2620c43ad13bc178e10cb9ca82 Mon Sep 17 00:00:00 2001 From: Daniel Rudolf Date: Thu, 24 Oct 2019 12:05:08 +0200 Subject: [PATCH] Mark Twig content filter as HTML safe --- lib/Pico.php | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/lib/Pico.php b/lib/Pico.php index be71755..c8c514a 100644 --- a/lib/Pico.php +++ b/lib/Pico.php @@ -2098,17 +2098,21 @@ class Pico // this is the reason why we can't register this filter as part of PicoTwigExtension $pico = $this; $pages = &$this->pages; - $this->twig->addFilter(new Twig_SimpleFilter('content', function ($page) use ($pico, &$pages) { - if (isset($pages[$page])) { - $pageData = &$pages[$page]; - if (!isset($pageData['content'])) { - $pageData['content'] = $pico->prepareFileContent($pageData['raw_content'], $pageData['meta']); - $pageData['content'] = $pico->parseFileContent($pageData['content']); + $this->twig->addFilter(new Twig_SimpleFilter( + 'content', + function ($page) use ($pico, &$pages) { + if (isset($pages[$page])) { + $pageData = &$pages[$page]; + if (!isset($pageData['content'])) { + $pageData['content'] = $pico->prepareFileContent($pageData['raw_content'], $pageData['meta']); + $pageData['content'] = $pico->parseFileContent($pageData['content']); + } + return $pageData['content']; } - return $pageData['content']; - } - return null; - })); + return null; + }, + array('is_safe' => array('html')) + )); // trigger onTwigRegistration event $this->triggerEvent('onTwigRegistered', array(&$this->twig));